From owner-cvs-all Wed Aug 2 10:21: 6 2000
Delivered-To: cvs-all@freebsd.org
Received: from nothing-going-on.demon.co.uk (nothing-going-on.demon.co.uk [193.237.89.66]) by hub.freebsd.org (Postfix) with ESMTP id 5F3B137BD2F; Wed, 2 Aug 2000 10:20:33 -0700 (PDT) (envelope-from nik@nothing-going-on.demon.co.uk)
Received: (from nik@localhost) by nothing-going-on.demon.co.uk (8.9.3/8.9.3) id JAA67060; Wed, 2 Aug 2000 09:22:45 +0100 (BST) (envelope-from nik)
Date: Wed, 2 Aug 2000 09:22:44 +0100
From: Nik Clayton
To: Brian Fundakowski Feldman
Cc: Kris Kennaway , "Chris D. Faulhaber" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/security/fuzz Makefile ports/security/fuzz/files md5 ports/security/fuzz/patches patch-aa ports/security/fuzz/pkg COMMENT DESCR PLIST
Message-ID: <20000802092244.A67002@catkin.nothing-going-on.org>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: ; from green@FreeBSD.org on Tue, Aug 01, 2000 at 10:41:12PM -0400
Organization: FreeBSD Project
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Aug 01, 2000 at 10:41:12PM -0400, Brian Fundakowski Feldman wrote:
> I'm gonna see what bugs I can find with fuzz in the non-gnu stuff, of
> course starting with your suggestions, and I'll post any specifics to
> -audit. I encourage anyone else who's looking for some useful things
> to do to join -audit, too!

Theo posted the following list to Bugtraq. Presumably you can snarf the
fixes from their tree:

    nc (netcat)
        - lack of buffer termination in code where it fakes argument
          parsing from stdin, causing strchr to run off the end
        - fixed

    mg
        - did not like stdin being redirected, and crashed in terminal
          initialization
        - fixed

    ctags
        - about 18 buffer overflows in token parsing
        - fixed

    lex
        - looks like 2 buffer overflows based on strcpy in parsing
          routines.
        - looks difficult to fix: not yet fixed.

    as
        - indexing into an array using signed char's: fixed
        - other bugs exist which trigger some assert()s, but since we
          are moving to a new version soon, we'll skip fixing those
          for now.

    makeinfo
        - part of texinfo. buffer overflow. still being looked at.

    sort
        - infinite loop when fed a single (and long) non-NL terminated
          line
        - not fixed yet

    indent
        - infinite loop if it encountered EOF while waiting for a '}'
          nesting terminator
        - fixed

    rdist
        - leaves /tmp files created using mkstemp() around
        - still trying to fix this
        - note that our rdist has not been setuid or setgid for roughly
          half of eternity

    cvsbug
        - leaves /tmp files lying around when terminating due to no
          action possible
        - fixed

    sendbug
        - leaves /tmp files lying around when terminating due to no
          action possible
        - fixed

N
--
Internet connection, $19.95 a month. Computer, $799.95. Modem, $149.95.
Telephone line, $24.95 a month. Software, free. USENET transmission,
hundreds if not thousands of dollars. Thinking before posting, priceless.
Somethings in life you can't buy. For everything else, there's MasterCard.
  -- Graham Reed, in the Scary Devil Monastery

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
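The "as" entry in the list above (indexing into an array using signed chars) is a bug class that random input exposes quickly, because any byte with the high bit set becomes a negative index. The C sketch below is an added example, not code from this message, from the Bugtraq post, or from as itself; the `char_class` table, the function names and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { CLASS_OTHER, CLASS_ALPHA, CLASS_DIGIT };

/* Hypothetical 256-entry character-class table, the shape a lexer uses. */
static unsigned char char_class[256];

/* Constructed input: ASCII mixed with two high-bit bytes. */
static const unsigned char SAMPLE[] = { 'm', 'o', 'v', 0xE9, '1', 0x80 };

static void init_table(void) {
    memset(char_class, CLASS_OTHER, sizeof char_class);
    for (int c = 'a'; c <= 'z'; c++) char_class[c] = CLASS_ALPHA;
    for (int c = 'A'; c <= 'Z'; c++) char_class[c] = CLASS_ALPHA;
    for (int c = '0'; c <= '9'; c++) char_class[c] = CLASS_DIGIT;
}

/* Index the buggy pattern computes: integer promotion keeps the sign,
 * so bytes 0x80..0xFF become -128..-1. */
static int index_buggy(signed char c) { return c; }
/* Index the fixed pattern computes: always 0..255. */
static int index_fixed(signed char c) { return (unsigned char)c; }

/* Before: reads memory in front of the table for any high-bit byte. */
static int classify_buggy(signed char c) { return char_class[c]; }

/* After: convert to unsigned char before indexing. */
static int classify_fixed(signed char c) { return char_class[(unsigned char)c]; }

/* Count bytes whose buggy index falls outside the table. */
static size_t count_oob(const unsigned char *buf, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (index_buggy((signed char)buf[i]) < 0) bad++;
    return bad;
}

int main(void) {
    init_table();
    printf("high-bit bytes that index out of range: %zu\n",
           count_oob(SAMPLE, sizeof SAMPLE));
    printf("0xE9: buggy index %d, fixed index %d, class %d; 'm' class %d\n",
           index_buggy((signed char)SAMPLE[3]), index_fixed((signed char)SAMPLE[3]),
           classify_fixed((signed char)SAMPLE[3]), classify_buggy('m'));
    return 0;
}
```

The same conversion to `unsigned char` is what the `<ctype.h>` functions require of their argument, so the fix pattern applies to `isalpha()` and friends as well as to hand-built tables.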